receiving said first data packet en route to said second member; 

determining that said first data packet is being sent between members of said 
virtual private network; 

determining the packet manipulation rules for packets sent between members of 
said virtual private network; 

forming a secure data packet by executing said packet manipulation rules on said 
first data packet; and 

forwarding said secure data packet to said second member of said virtual private 
network, 

wherein said secure data packet contains information of a source address and a 
destination address of said first data packet; and 

wherein the ultimate source and destination . addresses jof the secure data packet 
being sent ( areconcealed while in transit by encapsulating the secure data packet, the 
secure data packet including an address portion and a data portion, in a second data 
packet which identifies the source and destination addresses only for the virtual private 
network units. 

2 (Amended). The method according to claim 1 wherein said step of determining 
that said first data packet is being sent between members of said virtual private network 
comprises the step of comparing the source and destination addresses of the first data 
packet to addresses stored in a virtual private network address table. 

3 (Unchanged). The method according to claim 1 wherein said step of 
determining the packet manipulation rules comprises the step of accessing a lookup table 
that maintains information identifying compression, encryption, and authentication 
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algorithms to be utilized for data packets sent between members of the virtual private 
network. 

4 (Amended). The method according to claim 3 wherein said step of forming a 
secure data packet comprises the steps of: 

encrypting at least a payload portion of the first data packet according to the 
identified encryption algorithm; and 

providing authentication information for the first data packet according to the 
identified authentication algorithm. 

5 (Amended). The method according to claim 3 wherein said forming a secure 
data packet includes the step of concealing the source and destination addresses of the 
first data packet according to the identified packet manipulation rules. 

6 (Amended). A method for recovering an original data packet from an 
encapsulated secure data packet sent between members of a virtual private network 
comprising the steps of: 



said virtual private network; 

recovering the original data packet by manipulating the secure data packet by 

reversing the identified packet rules; and 

forwarding the recovered original data packet to its destination, 

wherein said original data packet contains information of a source address and a 

destination address of said secure data packet. 




receiving said encapsulated secure.data packet; 




Qde-encapsulating the encapsulated-secure-da.ta packet; 



determining the packet manipulation rules for packets sent between members of 



3 



• 



7 (Unchanged). The method according to claim 6 wherein said step of 
determining the packet manipulation rules comprises the step of accessing a lookup table 
that maintains information identifying compression, encryption, and authentication 
algorithms to be utilized for data packets sent between members of the virtual private 
network. 

8 (Unchanged). The method according to claim 7 wherein said recovering step 
includes the step of recovering the source and destination addresses of the original data 
packet when they have been concealed. 

9 (Amended). A system for securely exchanging data packets between members 
of a virtual private network group comprising: 

a first computer at a first site, said first computer having a first network address; 
a first router associated with said first site, for routing data packets originating 
from said first computer over the public network; 

a first virtual private network unit disposed between said first router and said 



public network, said first virtual public unit for identifying virtual private network group 



data traffic and for securing said dat a traffic by manipulating said data traffic according 



to packet manipulation rules maintained by said first virtual private network unit,! and by 
encapsulating the data packets, the data packets including address portions and data 
portions, entirely in encapsulating data packets which identify the source and destination 



addresses only for the virtual private network units; J 

a second router associated with a second site for coupling said second site to the 
public network; 
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a second virtual private network unit disposed between said second router and the 



public network for intercepting network traffic destined for said second sit^said second^ 



recovering original packet data; and 

a second computer at said second site, said second computer having a second 
network address for receiving said packet data, 

wherein said data packet contains information of a source address and a 
destination address of said data packet. 

10 (Amended). The system of claim 9 wherein said first and second virtual 
private network units include means for verifying that said first and second computers are 
both members of said virtual private network group. 

1 1 (Amended). The system of claim 10 wherein said first and second virtual 
private network units each has an associated network address, said network traffic 
utilizing the virtual private network addresses to conceal the identity of the first and 
second network addresses. 

REMARKS: 

The above identified patent application has been amended and reconsideration 
and reexamination are hereby requested. 

Claims 1-11 are pending in this application. The Examiner has rejected claims 1- 
11. The Examiner has objected to claim 10. Claims 1, 2, 4, 5, 6, 9, 10, and 1 1 have been 
amended to clarify the features of the invention. The amendments made find support in 
the specification, and do not constitute new matter. 
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